Binary webshell through OPcache in PHP 7

Reading Time: 1 Minute
It's only fair to share...
Share on Facebook3Tweet about this on TwitterShare on LinkedInShare on Google+

GoSecure wrote up a new PHP exploitation technique using the default OPcache engine from PHP 7. Using this attack vector, it’s possible to bypass certain hardening techniques that disallow the file write access in the web directory. This could be used by an attacker to execute his own malicious code in a hardened environment.


This new PHP 7 OPcache attack vector is an additional exploitation technique tailored to specific hardened environments. It is not a universal vulnerability affecting PHP applications. With the arrival of PHP 7.0 in major distributions such as Ubuntu 16.04, this attack vector reinforces even more the need to audit your code for file upload vulnerabilities and to be wary of potentially dangerous server configuration.

Read the full article at GoSecure’s blog: Binary Webshell Through OPcache in PHP 7.

It's only fair to share...
Share on Facebook3Tweet about this on TwitterShare on LinkedInShare on Google+

Advertisement:

Related:   Cracking PHP rand()

Hi! Join the discussion, leave a reply!